SNS - Stay connected!

Speakers

/* No speaking simultaneous interpretation is available , however, we try to show the slides in both english & japanese as much as we can. *//* [en] means English speaker, [ja] means Japanese speaker. */

[ja] ROP Illmatic: Exploring Universal ROP on glibc x86-64

inaz2

Today, ROP (Return-oriented Programming) is widely used method for arbiraty code execution via program vulnerabilities.
In this talk, based on latest Ubuntu Linux on x86-64, I present some ROP techniques obtained through bypassing security mitigations and searching generic way for any executables.

inaz2 :A security engineer who desires to be a Zashiki-warashi (Japanese
specter).
http://inaz2.hatenablog.com/

[ja] HTML5 ApplicationCache Poisoning of horrorkyo_ago

ApplicationCachePoisoning is a hot topic these days. I suppose that many of you have problems as follows: "What kind of damage is coming out?", "I don't know how to attack.", "How can I protect against it?"
In this talk, I will provide and demonstrate specific attack technique, the actual anticipated damage, attack code and protection technique.

kyo_ago :Despite ApplicationCachePoisoning NEWBIE about one year and 3 months, I will try my best to enjoy everyone using real attack vector examples.

[en] The 100yen Cyber Analyst ToolkitSecurity4all

Incident response and forensics is becoming more and more important for security teams across companies. We are seeing more and more databreaches every year.

Often IT (security) teams are not fully prepared or do not have the budget for security analysis tools or their own security analysis lab. This presentation will show how anyone without access to his own lab or tools can leverage online (crowdsourced) security tools and platforms for his own incident response. Call it the 100 yen Cybersecurity Toolkit.

Security4all :Security4all has been working in IT security for 10 years and moved to Tokyo 2 years ago. He is a co-founder of BruCON, a Belgian security conference and frequents hacker conferences and hackerspaces around the world. He believes in building bridges in the security and hacker community and you can find him often at hacker conferences with a club mate in his hand.

[ja] Future of Web security opened up by CSPhasemunea (nishimunea and HASEGAWA Yosuke)

Content-Security-Policy is implemented in modern browsers including Firefox for the purpose of eradication of XSS, and is improved continuously.
Although Content-Security-Policy is already used by the latest Web Service like Twitter or GitHub, since the feature of Content-Security-Policy is continuing growth avariciously, there is a remarkable hurdle in introduction to a general website.
This presentation will show the current state of CSP, and demonstrations of the merit demerit acquired by implementation of CSP.

There are many white papers and security advisories, but in Japan, we have little information about what will happen after Exploits or Security Incidents broke out.
I'd like to show you 'MOUSOU' tale. 'MOUSOU' is a very famous Japanese word, it means that some visions in one's mind, not a real thing.
This presentation will show 'MOUSOU' tale with known information as a spice.: What will happen after Exploits or Security Incidents broke out?

We have been overcome some Information security incident in Japan.
At this time we will look back about some past incident with panelers who is parties of the incident or observers of it.
And we will talk about recent engineer's runaway and "rule of game".